Advisories » MGASA-2020-0061

Updated libbsd packages fix security vulnerability

Publication date: 28 Jan 2020
Modification date: 28 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20367

Description

It was discovered that libbsd incorrectly handled certain strings, due
to an out-of-bounds read during a comparison for a symbol name from the
string table (strtab) in nlist.c. An attacker could possibly use this
issue to access sensitive information (CVE-2019-20367).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26132
• https://usn.ubuntu.com/4243-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20367

SRPMS

7/core

• libbsd-0.9.1-3.1.mga7